
Cisco Public © 2012 Cisco and/or its affiliates. All rights reserved. 1

Cisco Wide Area Application Services (WAAS)

Technical Overview Brian Nufer – Product Sales Specialist

Simon Bhagat – Consulting Systems Engineer


• Enterprise Application Delivery Challenges

• Introducing Cisco Wide Area Application Services

• Cisco WAAS Product Architecture

• Citrix ICA Optimization

• Application Specific Optimization

• WAAS Express

• Virtual WAAS

• Network-embedded Virtualization

• Management and WAVE Platforms

• Summary


Customers

/ Partners Home Office/

Coffee Shop

Guest Users

Branch Office

xAAS - Cloud

DC Apps & Data Campus

DR Site Branch Office

New IT and WAN

Optimization

Requirements

Datacenter Transformation

Virtualization

Private/Public Clouds

Software-as-a-Service

New Applications/Services

Rich Media, Video

Any-any collaboration

Virtual Desktops

Remote Access Evolution

Increased mobile users

‘Low-footprint’ branches

Partner access


• Applications perform well in LAN

High bandwidth

Low latency

Reliability

• Applications perform poorly in WAN

Already congested

Low bandwidth

Latency

Packet Loss

Server LAN

Switch

Client

Round Trip Time ~ 0 ms

LAN

Switch Server LAN

switch Client WAN

Round Trip Time ~ 10’s – 100’s ms


WAAS Mobile

• Specifically Designed for Mobile Users

• Optimized for a single user

• Application Specific Optimizers

Virtual WAAS

• Application acceleration from

Private/Virtual Private Cloud

• VMWare ESX/ESXi and UCS

deployments

• Agile, elastic, multi-tenant deployment

• vCM: common virtualized management

for physical/virtual WAAS

WAAS Appliance

• Application acceleration

• Virtual blades in branch offices

• Scalable platforms for range of

deployments

• Virtualize WAN optimization

resources into pools of elastic

resources

• Deployed in-path or Out of path to

scale up to 8 AppNav modules &

32 WAAS or vWAAS Appliances.

AppNav

• Integrated ISR G2

• On-demand IOS-based

• Bandwidth optimization

• Inline IOS features (Security, QoS)

• Small footprint, Cost-effective, Single CLI

WAAS Express

• Integrated ISR G2

• Application Acceleration

• Software on-demand provisioning

• No fork lift upgrade

WAAS Service Ready Engine


WAAS

Appliances

WAAS ISR

Modules

WAAS

Express

vWAAS

WAAS

Mobile

Data Center Head End, Regional Hub

Large Branch, Regional Office

Low Density Branch Retail Office

Tele Worker Regional Office,

Commercial Head

End

SM-SRE-710 SM-SRE-910

890 29xx 39xx

WAAS

Mobile WAAS Mobile

1941/2901

Branch Config DC/Cloud Configs

Large Enterprise /SP DC & High Performance DC-DC

WAVE-8541 WAVE-7541 WAVE-7571

WAVE-294 WAVE-594 WAVE-694


Compact, multi-purpose blade housed in ISR G2

Intel single and dual core

64-bit CPU options with

virtualization extensions

One and two 500GB 2.5”

HDD options with field-

replacement protection

Non-RAID, RAID 0, and RAID 1

configuration options with hot-

swap capability

One external and two

internal GE ports with

TCP/IP acceleration

USB 2.0 port for

external device

connectivity

4GB and 8GB

DRAM options

Maximum 50W power draw

85% less than server

Wire-free, plug-and-play modularity, low

shipping weight (2.5lb/1.1kg)

Single and multi-blade

provisioning and

configuration through

IMC Express

Remote and

schedulable power

management

iSCSI initiator

hardware offload


Use Slots on Most Widely Deployed Branch Device

Direct SRE blade

to LAN connectivity

Redundant power

supply options Long service life 2x

typical blade system

Secure platform with

small attack surface

All-in-One Device for Branch Services

WAN Optimization

Routing/Switching

Wireless LAN/WAN

Application Hosting

Unified Communications

Security

2 and 3 RU

options 1, 2, 4 blade

slots options


SOHO User

WAAS Mobile

Software

Mobile User

Branch Office

WAAS

Service

Module WAN

Internet

Branch Office

WAAS

Express

Branch Office

WAAS

Appliance

Regional Office

WAAS

Appliance

WAAS

Mobile

Server VPN

vWAAS

WAE

Server

VMs

VMware ESXi Server

Nexus 1000v vPATH

UCS /x86 Server

FC SAN

Nexus 1000v VSM

Virtual Private

Cloud

Data Center or

Private Cloud WAAS

Appliances

VPN

VMware ESXi vWAAS

Appliances

Server VMs

AppNav

+ WAAS


Platform Management and Services

Cisco WAAS Operating System

Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery

Configuration

Management

System

(CMS)

SMB2/

CIFS

AO

TCP Proxy with Scheduler Optimizer (SO)

DRE, LZ, TFO

eMAPI

AO

HTTP

AO

SSL

AO

Video

AO

WoW

Virtual

Blade

# 2

Virtual

Blade

# 3

NFS

AO

Disk Storage (Cache, VB storage etc.) I/O

Multiple, Independent Processes Fault Isolation and Containment

Linux Kernel KVM

ICA

AO


WAE1 WAE2

WCCPv2

or PBR

WCCPv2

or PBR

A:B TCP SYN A:B TCP SYN

(marked)

A:B TCP SYN

(marked)

I know WAE1 is

in the path, let’s

accelerate!

Need to accelerate

this connection!

Here are my details

B:A TCP SYN/ACK

Acknowledge

Acceleration!

Here are my details

ACCELERATION

CONFIRMED!

B:A TCP SYN/ACK

(marked)

B:A TCP SYN/ACK

A B WAN

Solutions

• Devices automatically discover one another

• Devices automatically negotiate optimization

capabilities Benefits

• Eliminates need for complex overlay networks with tunnels

• And as the result reduces additional efforts associated with

management, security and monitoring


2 3

Time (RTT)

Bandwidth Utilization

Standard TCP

WAAS TFO

1

Solution

1. Shorter/Better Slow Start

2. Improved Bandwidth Usage

3. Better Performance in case of High Packet Loss

Benefit

• Improved WAN BW utilization & app throughput

• End-nodes isolation of unruly WAN conditions

• LAN like TCP behavior due to TCP Proxy


Synchronized

Compression

History

DRE

LZ LZ

DRE

WAN

Solutions

Data Redundancy Elimination (DRE)

Persistent LZ compression

Benefits

• New innovative context - aware

DRE

• Up to 100:1 compression

• Session-based compression

• Up to an additional 10:1 compression

even after DRE
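How DRE over a synchronized history and a persistent LZ stage fit together, as an added Python model (not Cisco's algorithm or code). The fixed 1 KiB chunks, SHA-256 signatures, record format and all names are assumptions of this example; the payload is constructed.

```python
import hashlib
import struct
import zlib

CHUNK = 1024  # assumption: fixed-size chunks keep the example short


class HistoryMiss(Exception):
    """The receiver was sent a reference to a chunk it no longer holds."""


class Peer:
    """One end of an optimized connection: DRE history plus a per-session LZ context."""

    def __init__(self):
        self.history = {}                   # SHA-256 signature -> chunk bytes
        self._lz_out = zlib.compressobj()   # persistent LZ state, sending direction
        self._lz_in = zlib.decompressobj()  # persistent LZ state, receiving direction

    def encode(self, data):
        records = bytearray()
        for off in range(0, len(data), CHUNK):
            chunk = data[off:off + CHUNK]
            sig = hashlib.sha256(chunk).digest()
            if sig in self.history:
                records += b"R" + sig       # reference: 33 bytes instead of the chunk
            else:
                self.history[sig] = chunk
                records += b"L" + struct.pack(">H", len(chunk)) + chunk
        # LZ runs over the DRE output; Z_SYNC_FLUSH keeps the dictionary for later messages.
        return self._lz_out.compress(bytes(records)) + self._lz_out.flush(zlib.Z_SYNC_FLUSH)

    def decode(self, wire):
        records = self._lz_in.decompress(wire)
        out, pos = bytearray(), 0
        while pos < len(records):
            tag = records[pos:pos + 1]
            pos += 1
            if tag == b"R":
                sig = records[pos:pos + 32]
                pos += 32
                if sig not in self.history:
                    # Histories diverged: fail loudly instead of rebuilding wrong data.
                    raise HistoryMiss(sig.hex())
                out += self.history[sig]
            elif tag == b"L":
                (size,) = struct.unpack(">H", records[pos:pos + 2])
                chunk = records[pos + 2:pos + 2 + size]
                pos += 2 + size
                self.history[hashlib.sha256(chunk).digest()] = chunk
                out += chunk
            else:
                raise ValueError("corrupt record stream")
        return bytes(out)


def sample_payload():
    """Constructed 64 KiB payload that LZ alone cannot shrink (hash output)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))


def run_demo():
    """Send the payload twice, then once with a single byte changed; return the sizes."""
    sender, receiver = Peer(), Peer()
    data = sample_payload()
    first = sender.encode(data)
    assert receiver.decode(first) == data
    second = sender.encode(data)            # every chunk is already in both histories
    assert receiver.decode(second) == data
    edited = data[:5000] + bytes([data[5000] ^ 0xFF]) + data[5001:]
    third = sender.encode(edited)           # only the chunk holding the edit is resent
    assert receiver.decode(third) == edited
    return len(data), len(first), len(second), len(third)


if __name__ == "__main__":
    print(run_demo())
```

A receiver whose history is cleared after the first pass raises `HistoryMiss` on the next reference, which is why the two histories have to stay synchronized.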


• Increased bandwidth savings

through better compression

• Improve application performance

on video, virtual desktops, SaaS

• Per branch fault isolation and

protection

• Performance fairness across all

branches

Data Center Branch

Cache

Bi-Directional Cache

+

Uni-Directional

Cache

Prepositioned Files

Email, HTTP

Video, VDI, SaaS

Bi-Directional Cache

Available Space CAPACITY


Broad Range of Applications

Fully Approved and Supported by Application Vendors

75%

99% 50% 20%

90%

80%

95%

90%

85%

99%

File Sharing

Protocols Applications Typical Reduction Maximum Reduction Response-Time Reduction

Email

Web Apps

Software Distribution

Enterprise Application

Backup Apps

Data Replication

CIFS NFS

Exchange OWA

Lotus Notes

HTTP HTTPS

System Center Config. Manager

Microsoft Oracle, SAP

Documentum

System Center Data Protection Manager

Legato, Veritas NetApp SnapMirror

Data Domain, Double Take, Veritas Vol Replicator

VDI Microsoft RDP

Citrix ICA VMWare View RDP

90% Video Live Video

Video on Demand

Challenges

• Chatty Protocols

• WAN High Latency, High Packet Loss, Low Bandwidth ...

Solutions

• Read-Ahead

• Asynchronous write

• DRE hints

• Meta-data caching

• Context-Aware DRE

• and more


Compliance with critical network services such as

• Quality of Service (QoS)

• Network Management

• Application Performance

• Security

• Optimized Routing

Disk Encryption

• Mitigate concern of data theft

• Standards-Based Strong

Encryption (FIPS 140-2 level 2,

256-bit AES)

WAN

SrcIP 1.1.1.1

DstIP 2.2.2.2

SrcPort 1434

DstPort 80 Application Data

SrcIP 1.1.1.1

DstIP 2.2.2.2

SrcPort 1434

DstPort 80 Optimized

Data

Cisco Wide Area Application Services

Application Optimizers

Advanced Compression

Transport Optimization


Plug-and-Play

• No network changes

• Mechanical fail-to-wire

Scalability and High Availability

• Up to 2

• Redundant network paths & asymmetry

• Load-sharing and fail-over

Transparent Integration

• Transparency and auto discovery

• 802.1q VLAN trunking

• All WAE appliances

• Interception access list

Remote

Office

WAN


WCCPv2

• Active/active clustering

•Load redistribution

• Fail-over

• Fail-through operation

• Near-linear scalability &

performance

• Cisco WAE as a next-hop

router

• Active/passive clustering

Policy Based Routing

WCCP variable timer Configurable timeout (9,15,30 Sec) default = 30 Sec (same as pre WAAS 4.4)

WAN

Remote

Office

Client

WCCP L2 Egress L2 Egress, WAAS remembers the

source Router for every flow

WAAS ensures as traffic leaves, it returns to the original router.

5.0


AppNav gives the ability to

Virtualize WAN optimization

resources into pools of elastic

resources with business

driven bindings

WAN

Exchange WEB Apps

Business Unit2 Business Unit1

WAN optimization Pools

vWAAS

WAVE WAE

vWAAS

Benefit

• AppNav IOM contains its own network hardware, processing data independent of the WAVE Appliance.

• The host appliance for an AppNav module can still be used to optimize traffic.

• AppNav can scale up to 8 AppNav modules, along with 32 WAAS or vWAAS Appliances.

• AppNav can be deployed In-Path and Out-of-Path


| Deployment Consideration | In Path | Off Path | AppNav (In Path) | AppNav (Off Path) |
| --- | --- | --- | --- | --- |
| No Cable Insertion Outage | ✗ | ✓ | ✗ | ✓ |
| No Router / Switch Code Dependency | ✓ | ✗ | ✓ | ✓ |
| No Router / TCAM Impact | ✓ | ✗ | ✓ | ✓ |
| Load and performance aware flow distribution | ✗ | ✗ | ✓ | ✓ |
| Asymmetric flow support | ✓ | ✓ | ✓ | ✓ |
| Inline Modes | Parallel and Serial | N/A | Only Parallel Required | N/A |
| Ability to scale out / add capacity | Constrained by Inline Device | Constrained by Router TCAM | Constrained by Inline Device | 10’s of Gbps / Millions of Connections |


With AppNav

WAN

• Investment protection • Plug in AppNav IOM • Simple to configure • Flexible to deploy • Scalable • Native HA solution • Asymmetry solution

WAN

Today

Distribution

Scalability

HA & Asymmetry

Interception


WAN

• Investment protection • Plug in AppNav IOM • Light WCCP interception • Scalable • Non-disruptive capacity expansion and reduction • Native High Availability • Native Asym. handling

Today

WCCP • ServiceGroup 61/62 • Calculate mask • Plan for HA • Plan for Asymmetry

Light WCCP • Single ServiceGroup • Simple mask 0x01

Interception

Distribution

Scalability

HA & Asymmetry

Interception

Distribution

Scalability

HA & Asymmetry AppNav • AppNav cluster • Policy based flow distribution

WAN

With AppNav

• Scalable • High Availability solution • Asym. solution


InPath

WAN WAN

OffPath

Interception link: intercept traffic from and to client

• InPath - two arms of bridge group

• OffPath – single arm

Distribution link: AppNav to AppNav/WAAS communication

• GRE encapsulated

• InPath: separate physical port than interception link

• OffPath: May be the same physical port as interception link

GRE

Encapsulated GRE

Encapsulated


WAAS_1

WAAS_2

Data Center

WAAS_3

Cisco WAAS device failure

Branch Office

Branch Office

WAN

AppNav provides intelligent WAAS failure mitigation.

• On WAAS failure, AppNav maintains pre-existing TCP connections to other WAAS units

• AppNav can also be configured with explicit backup HA units for critical devices.

• AppNav can also intelligently pass-through traffic if a failure would result in an overload condition for remaining units


WAN

Step Description

1 Forward path to WAAS through AppNav1

2 Flow updates between AppNav units

3 Reverse path to the WAAS through AppNav2

1

2 • Automatic asymmetry handling • Maintains natural traffic path • AppNav cluster – flow aware 3


WAN

1

2

DCI

9

5

3 6 8

4

7

• Automatic asymmetry handling • Maintains natural traffic path • AppNav cluster – flow aware • Best Practice: local policy -> local WAAS


Poor Performance

WAN impacts VDI

user experience:

Choppy screen

refreshes

Application slow-

down

Costly WAN Upgrades Video Quality Multiple Vendors

T1/E1 supports 5-10

users:

No bandwidth left

for other

applications,

voice or video

Poor user

experience:

Low definition

Clogs the WAN

Expensive vendor

coordination:

Storage

Servers

End-points

Network


Enable Cisco Networks to become Citrix HDX-aware

Commitment for joint technology development reaching from data center to network to endpoints

Broad go-to-market partnership to deliver desktop virtualization solutions to customers

Strategic Alliance to Drive

Desktop Virtualization


High Performance Virtual

Desktops

Cisco WAAS

Cisco WAAS

No changes to

clients

No changes to

servers

Branch Office Data Center

Transparent

Handshake

Virtual Desktops


• Seamless interoperability with existing Citrix infrastructure

• Requires no changes to XenDesktop or XenApp configuration

Branch Clients

WAN

Cisco WAAS Cisco WAAS

HTTP/HTTPS ✓


Transparent insertion into

encrypted ICA/CGP

communication.

WAAS applies TCP flow

optimization to maximize bandwidth

usage and mitigate packet loss.

WAAS delivers Citrix-aware multi-user

Context-Aware Data Redundancy that

removes redundant data from across all

end user connections.

WAAS applies inline compression

algorithm over the optimized data,

maximizing savings

Optimized Normal Normal


Rich Media

Virtual Desktops

USB / Disk

Redirection

Data Center

Bi-Directional Cache

Extra Free Space! CAPACITY

Core Desktop

Virtualization

Branch

Bi- and Uni-Directional Caches

Free Space CAPACITY

Save and Expand Caching

Area

Performance Fairness for All

Branches

Increased bandwidth savings through better compression

Directional data understanding allows for best performance


Best User Experience Fast and Simple Jointly Supported

• Up to 70% application acceleration

• Up to 90% video optimization

• Up to 95% print acceleration

• Zero server and client touch

• Supports existing Citrix Protocols – HDX and ICA, CGP, HTTP(S)

• Single solution for virtual and physical desktops

• Transparent insertion

• Validated and supported by Citrix and Cisco at time of availability


Uses MS-RPC - chatty protocol.

Exchanges many interactive control messages

MAPI traffic is negotiated using MS Port Mapper (port 135) and uses dynamic ports

Data is encrypted between Client & Server

Challenge

Encrypted MAPI support

Full application support

Asynchronous Writes

Read Ahead

Messages Decompression & Re-encryption

End to End Kerberos Authentication

Solution

Maintain end to end application security for encrypted MAPI

Cleans up the outbox faster – important for cached mode users

Faster downloads of OAB, while significantly reducing BW consumption

Outlook 2000-2010 supported

Transparent, automatic optimization

No reverse engineering, fully supported by Microsoft

No security hole of keeping sessions open even after users have logged out

Benefit

WAN

Client SERVER

5.0


Exchange Server

Active Directory

Controller

(Kerberos KDC)

Core WAAS Branch WAAS

Outlook Client

WAN

Encrypted MAPI

Request

Securely transfer key

to remote branch.

Temporary keys allow

access to

Encrypt/Read/Sign Data

Application Data:

Encrypted

Authentication:

Kerberos

Application Data:

Optimized, Encrypted

Authentication:

Kerberos

Application Data:

Encrypted

Authentication:

Kerberos

WAN-Secure


WAAS needs to be configured with a read-only identity to obtain keys to encrypt, read, and sign data. WAAS supports two types of Active Directory identities:

Each Core WAAS device can join Active Directory as a “Workstation”

• Active Directory automatically performs password rotation for Workstation accounts

Or

Configure User Account(s) on each Core WAAS device

• A single user account can be used for all Core WAAS devices, if desired.


Data Center

WAN

Branch Office

WAN RTT Savings for subsequent requests

Faster Open, and Copy Operations

Read 1 2 Read Request 3

6

7 Local Read &

Responses

Read Response Read Response 4 5 READ

AHEADS


Data Center

WAN

Branch Office

Local Write &

Responses

1

3 2

WAN RTT Savings for requests

Faster write operations

Asynchronous

writes


CIFS is a “chatty” protocol

The WAN’s high latency, packet loss, and bandwidth constraints significantly diminish server access

Challenge

File and Metadata caching

Read-ahead

Message pipelining

Scheduled preposition to pre-populate

Transparent integration

Dedicated CIFS cache

Solution

Enable consolidation of distributed file

and print resources into the data center

without compromising performance

Offload of Data Center Servers

Benefit WAN

CACHE

Files

FILE.DOC

• Opening a 2MB Word document results in over 1000 message exchanges.

• Over a 40ms RTT WAN, this equates to more than 52 seconds of wait time before the document is usable


Data Center

WAN

Branch Office

WAN RTT Savings for subsequent requests

Faster Open, and Copy Operations

Read 1 2 Read Request 3

6

7 Local Read &

Responses

Read Response Read Response 4 5 READ AHEADS

First Pass: Read Ahead

Subsequent Requests: Serviced Locally


Data Center

WAN

Branch Office

Local Write &

Responses

1

3 2

WAN RTT Savings for requests

Faster write operations

Asynchronous

writes


Addresses optimizations for deployments which require higher performance, client scaling, and optimization support for new variants of SMB protocol (v2.x) including SMBv2 Signing!

Enhanced to support high performance on low latency connection use cases:

• Increase in memory storage

vs. disk

• Latency: As low as 10ms and up

• WAN Throughput: Scale to 2.0 Gbps

SMB / CIFS

5.0


WAAS 5.0 SMB / CIFS Application Comparison

|  | SMB Application Optimizer | CIFS Application Optimizer |
| --- | --- | --- |
| Optimizes SMBv1 Traffic | ✔ | ✔ |
| Optimizes CIFS Traffic | ✔ | ✔ |
| Optimizes Print Traffic | ✔ | ✔ |
| Optimizes Signed Traffic | ✔ | ✔ |
| Optimizes SMBv2.x Traffic | ✔ | ✔ |
| Native SMBv2.x Acceleration | ✔ | ✘ |
| Performance tuned for High Throughput / Low Latency | ✔ | ✘ |
| Supports Object Prepositioning | ✘ | ✔ |
| Supports Advanced Print Acceleration | ✘ | ✔ |


MS Print protocol uses RPC - very “chatty”

As a result, over the WAN it degrades exponentially as latency increases

Challenge

Based on licensed MS Print Protocols

Optimized access to print queue status and printer settings

Bi-directional Acceleration

Printer and Queue meta-data caching

Async write

DRE hints for enhanced payload compression

MS-RPC message optimization

RPC command fragments handled asynchronously

Delayed close of printer handles (OPEN requests local)

Solution

Users print at near-LAN speeds

No need for Network IT group to manage Branch Print

No configuration on WAAS – just turn it on!

Enable scalable centralized Windows Print services

Fully Transparent to Windows AD Management

Easy server migration from branch to datacenter

Benefit

Windows

Print Servers

WAN

Branch Office

Data Center

Print job sent to

Windows server

Print job sent

to printer

Local Printer


In Unix, NFS protocol is used for large file exchange such as

software builds, CAD applications and large directory access

NFSv3 is a “chatty” RPC protocol

Clients cannot efficiently operate on high-latency/high-bandwidth WANs

Challenge

Can fill high-bandwidth links regardless of latency

Transparent to client and server. No configuration required.

Tested for compliance with IBM AIX, Linux and

Solaris clients + Leading NAS vendors!

Benefit

Read-Ahead

Asynchronous write

DRE hints

Meta-data caching

Solution

Original Connection Original Connection Optimized Connection

WAN

A D B C


WAN

Connect (SYN, SYN-ACK, ACK)

HTTP Request

HTTP Response

Connect

HTTP Request

HTTP Response

Slow page load on Interactive Web applications

Browsers serially open and close connections

to fetch small objects (e.g. graphics)

Latency due to HTTP request/response

Challenge

Fast Connection Reuse

Proxy Connect to SSL Servers

Local HTTP responses through Metadata cache

Content-aware optimization

DRE hints

Server compression offload

Solution

Mitigates latency due to HTTP request/response

Fully transparent

Reuse of same pair of client and server requests

Complements and preserves HTTP application pipelining

Benefit


Data Center

WAN

Branch Office

1 GET logo.gif

4 GET logo.gif

3

Metadata Cache Hit! 5 304 Not-Modified

Etag: version1

Local Response: Freshness Info

Expiry time cached by WAAS 200 OK Etag: version1

Expires: 1 day

WAN RTT Savings for subsequent requests

Improved Application Response Time across all clients

Browser Reload/Refresh

2

First Pass: Learning

Subsequent Requests: Serviced Locally


Data Center

WAN

Branch Office

GET www.cco.cisco.com

5 301 Moved Permanently Location:

www.cisco-cco.com

GET www.cco.cisco.com

3

Old URL: www.cco.cisco.com New URL: www.cisco-cco.com

301 Moved Permanently Location: www.cisco-cco.com

WAN RTT Savings for subsequent requests

Improved Application Response Time across all clients

2

Metadata Cache Hit!

First Pass: Learning

Subsequent Requests: Serviced Locally

4

1


Data Center

WAN

Branch Office

1

2 Get Object # 1

3 Notes authorization is required

Get Object # 1

7 401 Authorization Required

WWW-Authenticate:Basic …

4

401 Authorization Required …

Get Object #1 (Authorization: Basic (Username/Password)

200 OK 5

Metadata Cache Hit!

First Pass: Learning

Subsequent Requests: Serviced Locally

6

Get Object #1 (Authorization: Basic (Username/Password)

WAN RTT Savings for subsequent requests

Improved Application Response Time across all clients

Latency mitigation during morning rush 8
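The three metadata-cache exchanges above (304 Not-Modified, 301 Moved Permanently, 401 Authorization Required) modeled as an edge cache that stores response metadata only. This is an added Python example, not Cisco WAAS code: the class names, the constructed origin, the TTL handling and the rule that requests carrying credentials are always forwarded and never learned from are assumptions of this example.

```python
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


class MetadataCache:
    """Edge-side cache of response metadata only; bodies are never stored."""

    LEARNABLE = {200: "etag", 301: "location", 401: "www-authenticate"}

    def __init__(self):
        self.entries = {}  # url -> (status, header name, header value, expiry time)

    def learn(self, url, req_headers, resp, now, ttl):
        # Never learn from a credentialed exchange: its outcome is specific to one user.
        if "authorization" in req_headers:
            return
        name = self.LEARNABLE.get(resp.status)
        if name and name in resp.headers:
            self.entries[url] = (resp.status, name, resp.headers[name], now + ttl)

    def lookup(self, url, req_headers, now):
        """Return a locally generated Response, or None to forward over the WAN."""
        entry = self.entries.get(url)
        if entry is None:
            return None
        status, name, value, expires = entry
        if now >= expires:
            del self.entries[url]   # stale metadata is dropped, not served
            return None
        if "authorization" in req_headers:
            return None             # credentials are always checked by the origin
        if status == 200:
            # Only a conditional request whose validator matches is answered locally.
            if req_headers.get("if-none-match") == value:
                return Response(304, {"etag": value})
            return None
        return Response(status, {name: value})


class Edge:
    """Branch-side device: answers from the cache or spends one WAN round trip."""

    def __init__(self, origin, ttl=86400):  # one day, as in "Expires: 1 day" above
        self.origin, self.ttl = origin, ttl
        self.cache = MetadataCache()
        self.wan_round_trips = 0

    def request(self, url, headers, now):
        headers = {k.lower(): v for k, v in headers.items()}
        local = self.cache.lookup(url, headers, now)
        if local is not None:
            return local
        self.wan_round_trips += 1
        resp = self.origin(url, headers)
        self.cache.learn(url, headers, resp, now, self.ttl)
        return resp


def sample_origin(url, headers):
    """Constructed origin server standing in for the data center."""
    if url == "/logo.gif":
        if headers.get("if-none-match") == "version1":
            return Response(304, {"etag": "version1"})
        return Response(200, {"etag": "version1"}, b"GIF89a...")
    if url == "/old":
        return Response(301, {"location": "/new"})
    if url == "/object1":
        if headers.get("authorization") == "Basic dXNlcjpwYXNz":
            return Response(200, {}, b"object #1")
        return Response(401, {"www-authenticate": 'Basic realm="notes"'})
    return Response(404)


def run_demo():
    """Replay the slide sequences; return (status, WAN round trips so far) per request."""
    edge = Edge(sample_origin)
    steps = [
        ("/logo.gif", {}, 0),                                      # first pass: learning
        ("/logo.gif", {"If-None-Match": "version1"}, 10),          # reload: local 304
        ("/old", {}, 20),
        ("/old", {}, 30),                                          # local 301
        ("/object1", {}, 40),
        ("/object1", {"Authorization": "Basic dXNlcjpwYXNz"}, 50),  # always forwarded
        ("/object1", {}, 60),                                      # local 401 challenge
        ("/object1", {"Authorization": "Basic d3Jvbmc="}, 70),     # bad creds: origin decides
        ("/logo.gif", {"If-None-Match": "version1"}, 86401),       # entry expired
    ]
    return [(edge.request(u, h, t).status, edge.wan_round_trips) for u, h, t in steps]


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```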


• WAAS optimization benefits are maximized only when applied to decrypted payload

SSL Handshake

“session key” derived

Encrypted Data Exchange

WAN

Client Server


WAN

• Core WAE acts as a Trusted Intermediary Node for SSL requests by client

• Private Key and Server Certificate are stored on the Core WAE device

• Core WAE participates in SSL Handshake to derive “session key”

• Distributes the “session key” securely in-band to the Edge WAE over the established connection between the Edge WAE and Core WAE

Send “session key”

SSL Session Core WAE to Server

- Core WAE: Server Private Key SSL Session Client to Core WAE (WAAS)

Edge WAE Core WAE

Transparent

Secure Channel

Original Data - Encrypted Optimized & Encrypted Original Data - Encrypted

SSL Handshake SSL Handshake Client Server


| Feature | Description |
| --- | --- |
| Online Certificate Status Protocol (OCSP) | Real-time check whether SSL certificates are valid and/or revoked |
| Client Authentication | Server authenticates client based on client certificates. WAAS SSL can optimize traffic using client certificates |
| Explicit HTTP(S) Proxy | WAAS can optimize connections that upgrade from clear text to crypto-SSL during connection set-up |
| Diffie-Hellman (DHE) Key Exchange | Higher Security Key Exchange Method |
| Simplified Group based Trust configuration | Automated trust relationship negotiation between WAAS devices using device group |

Maintains Trust Model in DC = Better Security

Widest Range of SSL Acceleration

Flexible Deployment

Ease of Operation = Lower Opex

Benefit • OCSP

• Supports client authentication &

validation

• SSL Service policy required only on the Core

WAE

• Scalable service configuration using Wildcard

certificates

• Server key kept on core WAE

• Edge & core WAEs communicate

securely

• PKI integration

• Wildcard Certificates signed by CA

• Enterprise CA signed Certificate

Local HTTP responses through Metadata cache, DRE hints, server compression offload

HTTP Optimization techniques


BRANCH OFFICE

WAN

DATA CENTER BRANCH OFFICE

BRANCH OFFICE

Click on published

URL to get live

stream

2

Uncompressed

Video 1

Microsoft

Windows Media

Server (WMS)

Encoder

Web Portal

List of scheduled live

streaming events

WAAS

WAAS

WAAS

3 Opens Windows

Media Player

Only one stream per

remote site

auto-detect RTSP

connections (no

configuration required)

WAAS

Note: Separate WAAS license for Windows Media Live Streaming required per contract w/Microsoft


Windows Media Stream Splitting - Each new client request (over LAN) will reuse existing incoming

stream (over WAN) for the same stream URL

Data-reduction and optimization for non-WMT/RTSP video – WAN optimization and bandwidth

reduction for other video formats including video over HTTP, Flash, QuickTime, RealVideo, and any

other video protocol that uses TCP as a transport

Intelligent video server offload – Cisco WAAS video delivery services minimize the burden placed

on the origin video server by intelligently

RTSP/TCP rollover - Client requests over RTSP/UDP automatically rolled over to RTSP/TCP

Solution

WAN Bandwidth Savings

One video stream per remote site per webcast

Edge-stream splitting serves users at site

Leverage existing IP infrastructure

Multicast enabled networks not required

Defer requirement for bandwidth upgrades

Lower TCO

Reduce IT coordination needed for video apps (e.g. webcasting)

Server Offload: Fewer Streaming Servers required in Data Center

Lower Op-Ex: No configuration required (auto-detect live RTSP traffic)

Benefit


Extend Cisco WAAS product portfolio across ISR G2s

Cisco WAAS Express

Cisco WAAS

Data Center

Branch Office

WAN QoS

VPN

NAT

ACL

FW

NetFlow

WAAS Express

Simple Investment Protection Cost Effective

• 2X BW savings for SSL secured applications

• Enables enterprise-wide delivery of broad range of applications

• Enhanced BW optimization and application performance visibility

• No remote-office probe

• Save BW and remote office infra costs, while gaining greater application up-time with performance visibility

WAAS Central

Manager

IOS 15.2(3)T

Available

Now!


IOS Forwarding Path

CEF Interception and reinsertion

Compression (LZ) TCP Flow

Optimizations (TFO)

Data Redundancy Elimination (DRE)

TCP Proxy

Network Integration

L4: Throughput Optimization

Unified Management

Policy Engine

Select Application Acceleration


DRE and LZ on Upload and Download

• Bi-Directional optimization enables better compression for typical branch office tasks

• Enabled by default, no configuration required.

Multiple / Backup WAN link support

• WAAS Express now supports Multiple WAN links.

• Per-TCP session load-sharing required.

• Asymmetric interfaces supported.

• Useful for failing to Backup WAN links.

WAAS WAAS

Express DRE

WAAS

Express WAN1

WAN2

IOS 15.2(3)T

Available

Now!


Extended Optimization: HTTP Application Support

• Data Pattern Hints – Better performance, longer history.

• HTTP Mime/File Type Intelligence – Better latency reduction

• Suppress Server-Encoding – Better data reduction

WAAS

Express WAAS

IOS 15.2(3)T

Available

Now!


Extended Optimization: CIFS Application Support

• Data Pattern Hints – Better performance, longer history.

• File Type Intelligence, Read Ahead, Metadata Caching

• Targeted for inefficient CIFS / SMBv1 traffic

• Interoperates with WAAS appliance CIFS and SMB Optimizers

[Diagram labels: WAAS Express, WAAS]

IOS 15.2(3)T Available Now!


Support for Native SSL and HTTPS Web Applications

[Diagram labels: WAAS, WAAS Express, SSL Optimized Traffic, WAN-Secure, Key Exchange]

• Uses the proven and efficient Cisco WAAS SSL Infrastructure

• Enabled by default if SECK9 license is present.

• SSL Server Key and Certificates never need to be loaded in WAAS Express.

• Dynamic learning and forwarding of ephemeral SSL session keys from WAAS

• Simple configuration via the WAAS Central Manager

• Utilize Hardware processing on VPN-ISM module for higher performance (1941, 29xx, 39xx)

IOS 15.2(3)T Available Now!


• WAAS Express is a feature license that can be enabled with any technology package license

• Enforced using a license key

• License key enforcement is done in IOS on the router using the Cisco Software Licensing Infrastructure

• 60-day trial license available

• WAAS Express will not register with WAAS Central Manager unless a valid and active license is present

• WAAS Central Manager periodically checks that the (trial and extension) license is active to allow customer configuration

[Diagram labels: Universal Image with IP Base, Security, U.C. and Data packages, each marked W.E]


Cisco WAAS | Cisco WAAS Express

Auto Discovery of end nodes

TFO (Transport Flow Optimization)

Compression

DRE (Data Redundancy Elimination): Cisco WAAS: disk based, persistent; Cisco WAAS Express: memory based, non-persistent

Bandwidth Optimization for Secured Web (SSL)

Application Acceleration: Selected file/web

Network Services Integration

WAAS Central Manager: WAASx2.0: WCM5.0; WAASx1.0: WCM4.31+

WAAS Software compatibility: Cisco WAAS backward compatible; WAASx2.0: WAAS4.4.3c; WAASx1.0: 4.2.1+


Cisco Performance Agent (PA) Response Time Monitoring reporting for WAAS Express

• No Agent to install – Router configuration only

• Available in Base IOS Router License

• Can export Application Response Time data to Cisco collectors and other third-party collectors (NetFlow)

• Cisco NAM 5.1 can display Application Response Time for WAAS & WAAS Express.

[Diagram labels: WAAS Express, Perf. Agent, WAAS, Flow Monitor, Detailed Application Response Time Information, Cisco Network Analysis Module (NAM) 5.1]


[Diagram labels: Branch Office, Mobile Users, WAN, WAAS, Private Cloud, Virtual Private Clouds, Enterprise A, Enterprise B]

Accelerate cloud-bursting, workload mobility, virtualized deployment

Accelerate to VPC and other clouds

Elastic multi-tenancy

Policy based orchestration lowers opex

Access to Virtual Private Cloud

Workload mobility

Scale-out

Column headings: Challenges, Cisco WAAS Benefits


[Diagram labels: WAN or Internet; UCS Compute/Virtualized Servers; Nexus 2K/5K; UCS Compute/Physical servers; WCCP; VMware ESXi Server; UCS/x86 Server; Nexus 1000V vPATH; Private Cloud; callouts 1 and 2]

• Traditional WAN Edge Deployment at Branch and DC

Gradual migration from Physical to Virtual

Multi-tenancy support

• Private Cloud, Virtual Private Cloud, & Public Cloud

Re-direction using vPath @VM level

Elastic provisioning

Multi-tenancy support


[Diagram labels: VMware ESXi Server with Nexus 1000V vPATH (x2); Web Server, DB Server, App Server, vWAAS, vCM; Non Opt Port-Profile, vWAAS Port-Profile, Optimize Port-Profile]

Feature

1. On-Demand and elastic Orchestration

2. Application based interception

3. Fault Tolerant persistent performance

4. Multi-tenancy with flexible deployment

Benefit

1. Optimization based on the port-profile policy in Nexus 1000V

2. New VM inherits policy

3. vPATH aware of VM mobility from one host to another

4. vWAAS DRE cache can be deployed in SAN


Platform Management and Services

Configuration Management System (CMS)

CIFS AO

TCP Proxy with Scheduler Optimizer (SO) DRE, LZ, TFO

MAPI AO

HTTP AO

SSL AO

Video AO

NFS AO

Server HW (CPU, memory, Hard Disk (SAN/DAS))

Ethernet Network I/O

Cisco WAAS Operating System

Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery, drivers

VMware User Space

vmTools

VMWARE ESXi


• Centralize what you can with WAAS

• Locally host services (e.g. Windows Servers) on same WAAS device

WAN

Users

Backup

Local Storage

Cisco WAAS Router

Servers

Business and Communication Applications

Backup Storage

Cisco WAAS

Cisco WAAS Virtual Blade technology

Providing Best Mix of Distributed and Centralized IT Services

Validated by Microsoft for Windows Services

Flexible, Optimized Branch IT Data Center

Windows Server 2008 R2

Microsoft System Center

[Diagram labels: VB, VB 2, VB 3]


• Allocate resources and start Virtual-Blade instance

Easy & Simple - from WAAS CM or from CLI

• Centrally deploy server image over to WAE

From CLI or WAAS CM, using FTP or HTTP

[Diagram labels: WAN, Remote Office (x2), Data Center, WAAS Appliance (x2), VB 1, VB 2, VB 3 (x2), WAAS Appliances]


• Broad range of services

Microsoft Windows Services (e.g. DNS, DHCP, SCCM)

Custom applications (internally developed)

Other applications (NAM, eCDS, Altiris)

• Improved performance, scale and usability

Multiple CPUs for VB (SMP) for higher compute performance

Network I/O Paravirtualization for higher network performance

Remote Network Boot Install (PXE) for agile provisioning

• Microsoft SVVP validated for Windows Server 2003, 2008 and 2008 R2


Microsoft Windows Server 2008 Server Core

• Broad range of services (DNS, DHCP, SCCM, ...)

Cisco WAAS with Virtualization

• Complete WAN optimization + application acceleration

• SVVP certification on 2008 R2 (broader range of Windows services)

Cisco WAAS with pre-packaged Windows Server 2008 services

• Joint architecture development

• Joint customer support


• Preboot Execution Environment (PXE) client: fetches the image from the boot server

• PV driver: efficient hardware access to the physical NIC; improves performance for custom applications requiring high network throughput

[Diagram labels: PXE (x3), DHCP server, Boot server, WAN, "Transfer image once", "Device picks up VB-hosted server image automatically from boot server"]

[Diagram labels: WAVE Appliance, Cisco WAAS OS, Virtualization Layer (PV-enabled), Custom application (Network I/O intensive), PV-aware Driver, Physical NIC, DATA, WAAS Service]


Usability and scalability

• Single Point Configuration, Monitoring, and reporting

• HTML5 interface and charts

• iPad Ready, no flash/apps required

• Device/system alarms + SNMP and syslog integration

• Platforms

WAAS appliances, WAAS Modules, WAAS Express 2.0, vWAAS

• SOA-ready Monitoring

Standard XML Web Service (SOAP)

Integration with external reporting and monitoring portals

High Availability

• Active/standby

• Automatic failover

• Config replication

Security

• HTTPS GUI and intra-device communication

• RBAC support

• Integrated IOS-like CLI accessible via SSH

Integrated Application Performance Monitoring

• Improved visibility to application performance

• Effective integrated Management & monitoring

• Rapid analysis of application performance issues

5.0


• Transparent Integration

Packet header preservation

Enables visibility to end-nodes

• Flow Export Agent

Transmit accurate connection data to monitoring systems

Eliminates WOC distortion of TCP RTT analysis

• Central Manager API

Single view of Application Performance Management and Optimization

[Chart labels: No optimization; Without Flow Export Agent (Inaccurate); Flow Export Agent Enabled (Accurate); Optimization Enabled]

[Diagram labels: Remote Office, WAN, TCP Flow Export Agent, Cisco NAM, WAAS CM]


[Chart labels: No optimization; Optimization Enabled]

Provide top talkers, network usage and application performance metrics before and after WAAS deployment, including WAAS Express

Simplified configuration and monitoring workflow for Application Performance Monitoring


• NAM extends visibility to remote sites with PA

Integrated application performance and network usage statistics

PA as a new data source

• Cisco PA available as software feature in base IOS image

Available in 15.1(4)T

Supported platforms - 880, 890, and ISR G2

Cisco NAM with Software 5.1

Cisco Performance Agent

ISR Platforms


Platform | Total DRAM Required | Maximum WAN Bandwidth Supported | Recommended Number of Users | Max TCP Connections
88x | 768 M | 1.5 Mbps | 1-10 | 75
89x | 768 M | 2 Mbps | 1-10 | 75
1921* | 512 M | 512 Kbps | 1-5 | 50
1941 | 2.5 G | 4 Mbps | 15-20 | 150
2901 | 2.5 G | 6 Mbps | 15-20 | 150
2911 | 2.5 G | 6 Mbps | 25 | 200
2921 | 2.5 G | 6 Mbps | 25 | 200
2951 | 4 G | 6 Mbps | 25 | 200
3925 | 4 G | 10 Mbps | 50 | 400
3945 | 4 G | 10 Mbps | 50 | 400

WAAS Express requires maximum DRAM installed as indicated

Typical Interfaces – 3G, T1, E1, Multi T1s, Multi E1s, and Serial

Performance testing conducted with IOS FW, VPN (IPsec), NAT, and QoS

* 1921 – no DRE support – only TFO/LZ, no additional memory required


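Hardware Configuration | Memory (GB) | Max Opt TCP Conn | Number of Virtual Blades | Drive (GB) | RAID | WAN Capacity (Mbps) | Connectivity Options
NME-WAE-302 | .5 | 250 | N/A | 80 | N/A | 4 | N/A
NME-WAE-502 | 1 | 400 | N/A | 120 | N/A | 4 | N/A
NME-WAE-522 | 2 | 800 | N/A | 160 | N/A | 8 | N/A
SM-SRE-700/710 | 4 | 500 | N/A | 500 | N/A | 20 | N/A
SM-SRE-900/910 | 4 | 1000 | N/A | 500 | RAID-1 | 50 | N/A
WAVE-294 | 4 | 200 | 2 | 250 | N/A | 10 | 4 port GE Cu, 8 port GE Cu, 4 port GE fiber
WAVE-294 | 8 | 400 | 2 | 250 | N/A | 20 | 4 port GE Cu, 8 port GE Cu, 4 port GE fiber
WAVE-594 | 8 | 750 | 2 | 500 | Optional 2nd HDD for RAID1 | 50 | 4 port GE Cu, 8 port GE Cu, 4 port GE fiber
WAVE-594 | 12 | 1,300 | 4 | 500 | Optional 2nd HDD for RAID1 | 100 | 4 port GE Cu, 8 port GE Cu, 4 port GE fiber
WAVE-694 | 16 | 2,500 | 4 | 2x600 | RAID-1 | 200 | 4 port GE Cu, 8 port GE Cu, 4 port GE fiber
WAVE-694 | 24 | 6,000 | 6 | 2x600 | RAID-1 | 200 | 4 port GE Cu, 8 port GE Cu, 4 port GE fiber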

* Final recommendations require a detailed sizing exercise that includes application traffic mix, traffic characteristics, application load and other factors mentioned in the sizing guidelines.


Hardware Configuration | Memory (GB) | Max Opt TCP Conn | Drive (GB) | RAID | WAN Capacity (Mbps) | Connectivity Options
WAVE-7541 | 24 | 18,000 | 6 x 450 | RAID-5 | 500 | 2 port 10GE SFP+, 8 port GE Cu, 4 port GE fiber
WAVE-7571 | 48 | 60,000 | 8 x 450 | RAID-5 | 1,000 | 2 port 10GE SFP+, 8 port GE Cu, 4 port GE fiber
WAVE-8541 | 96 | 150,000 | 8 x 600 | RAID-5 | 2,000 | 2 port 10GE SFP+, 8 port GE Cu, 4 port GE fiber

Model | OPT TCP Conn | WAN BW (Mbps) | Virtual Cores | Memory (GB) | Hard Disk (GB) | WAAS Model
vWAAS-200 | 200 | 10 | 1 | 2 | 160 | 294
vWAAS-750 | 750 | 50 | 2 | 4 | 250 | 594
vWAAS-6000 | 6000 | 200 | 4 | 8 | 500 | 694
vWAAS-12000 | 12000 | 310 | 4 | 12 | 750 | -
vWAAS-60000 | 60000 | 1000 | 8* | 48 | 1500 | 7571

Model | MAX Devices | Virtual Cores | Memory (GB) | Hard Disk (GB) | WAAS Model
vCM-100N | 100 | 2 | 2 | 250 | -
vCM-2000N | 2000 | 4 | 8 | 600 | 694

Performance results based on Cisco UCS C210 M2 and Cisco UCS B250 M2


 | 2 port 10GE Module | 4 port GE Cu Module | 8 port GE Cu Module | 4 port GE Fiber Module
Part Number | WAVE-10GE-2SFP | WAVE-INLN-GE-4T | WAVE-INLN-GE-8T | WAVE-INLN-GE-4SX
Inline Mode |  | ✓ | ✓ | ✓
Media | SFP+ SR | N/A | N/A | N/A


Cisco AppNav 10Gbps AppNav Off path deployment only appliance

WAAS 5.0

4 x 10G SFP+

Cisco WAVE Appliance

Cisco AppNav

WAAS +

Cisco AppNav

Cisco AppNav IOM: 12 x 1G copper, 12 x 1G SFP

Cisco WAVE: WAVE-8541, WAVE-7571, WAVE-7541, WAVE-694

WAAS 5.0

Cisco AppNav 1Gbps: Off path or in path deployment

5.0


Cisco UCS C-200M1

Mobile clients

• 10,000 Concurrent Mobile Clients

• Concurrent licensing: 30,000 – 40,000 end users

Throughput

• 600 Mbps LAN-side

• 200 Mbps WAN-side

• 100,000 TCP connections


Cost Effective

Most cost-effective

Saves up to 40% over comparable

Delivers operational flexibility at scale

Comprehensive

Improves end user - application experience

Only portfolio that fits every site

Proven end-to-end architectural approach

Cloud Ready

Starts with branch and consolidated data centers

Transparently scaling to cloud & SaaS

Thank you.